Our fast-paced lives are fueled by innovative, cloud-native companies. We are able to watch our favorite programs and movies from anywhere in the world on any device. We are able to collaborate with our colleagues on an upcoming presentation, regardless of whether we’re in the office or at home. Many companies responsible for these contemporary conveniences use a DevOps approach. DevOps isn’t just a portmanteau of “development” and “operations”— it’s a culture, a mindset dedicated to delivering the best product as quickly as possible. And for many DevOps teams, it’s a great time to be in business. Speed, agility, and innovation breed success for many businesses using this approach, and the DevOps team is often recognized as the hero of the story.
But in the midst of the exciting and dynamic continuous integration/continuous delivery (CI/CD) product lifecycle, security teams are often unfairly portrayed as villains. Sure, they might not cause destruction of epic proportions, but they are often seen as obstructionists, blocking both speed and innovation. At very best, security teams are viewed as the bearers of bad news. They tell developers to fall in line and threaten to shut down their work if they don’t comply. It’s not uncommon for the importance of the security team’s messages to become diluted, and for developers to ignore or resent their guidance.
However, with the move to the cloud, security needs to be a core function of everyone’s job. Self-service access means ownership and responsibility. We need look no further than the weekly announcements of the latest breach to understand the incredible impact that poor security practices have on companies and their customers. Thus, security should be a fundamental concern for an ..